crypto/tls: make cipher suite preference ordering automatic

We now have a (well, two, depending on AES hardware support) universal cipher suite preference order, based on their security and performance. Peer and application lists are now treated as filters (and AES hardware support hints) that are applied to this universal order. This removes a complex and nuanced decision from the application's responsibilities, one which we are better equipped to make and which applications usually don't need to have an opinion about. It also lets us worry less about what suites we support or enable, because we can be confident that bad ones won't be selected over good ones. This also moves 3DES suites to InsecureCipherSuites(), even if they are not disabled by default. Just because we can keep them as a last resort it doesn't mean they are secure. Thankfully we had not promised that Insecure means disabled by default. Notable test changes: - TestCipherSuiteCertPreferenceECDSA was testing that we'd pick the right certificate regardless of CipherSuite ordering, which is now completely ignored, as tested by TestCipherSuitePreference. Removed. - The openssl command of TestHandshakeServerExportKeyingMaterial was broken for TLS 1.0 in CL 262857, but its golden file was not regenerated, so the test kept passing. It now broke because the selected suite from the ones in the golden file changed. - In TestAESCipherReordering, "server strongly prefers AES-GCM" is removed because there is no way for a server to express a strong preference anymore; "client prefers AES-GCM and AES-CBC over ChaCha" switched to ChaCha20 when the server lacks AES hardware; and finally "client supports multiple AES-GCM" changed to always prefer AES-128 per the universal preference list. * this is going back on an explicit decision from CL 262857, and while that client order is weird and does suggest a strong dislike for ChaCha20, we have a strong dislike for software AES, so it didn't feel worth making the logic more complex - All Client-* golden files had to be regenerated because the ClientHello cipher suites have changed. (Even when Config.CipherSuites was limited to one suite, the TLS 1.3 default order changed.) Fixes #45430 Fixes #41476 (as 3DES is now always the last resort) Change-Id: If5f5d356c0f8d1f1c7542fb06644a478d6bad1e5 Reviewed-on: https://go-review.googlesource.com/c/go/+/314609 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Trust: Filippo Valsorda <filippo@golang.org>
2025-04-03 20:17:36 +03:00 · 2021-04-28 01:37:09 -04:00 · 2021-04-28 01:37:09 -04:00 · 89df05a1c4
commit 89df05a1c4
parent 7d3285645e
68 changed files with 3753 additions and 3814 deletions
--- a/testdata/Client-TLSv13-Ed25519
+++ b/testdata/Client-TLSv13-Ed25519
@ -3,10 +3,10 @@
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
-00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a9  |.............2..|
+00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
+00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
+00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
 00000080  01 00 00 7b 00 05 00 05  01 00 00 00 00 00 0a 00  |...{............|
 00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
 000000a0  00 00 0d 00 1a 00 18 08  04 04 03 08 07 08 05 08  |................|
@ -16,53 +16,53 @@
 000000e0  e5 7d a3 47 cd 62 43 15  28 da ac 5f bb 29 07 30  |.}.G.bC.(.._.).0|
 000000f0  ff f6 84 af c4 cf c2 ed  90 99 5f 58 cb 3b 74     |.........._X.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 7a 02 00 00  76 03 03 a8 21 4e 51 6a  |....z...v...!NQj|
-00000010  ce ba 17 cc 2d 25 b3 31  59 6a 3f 81 eb e6 ac a0  |....-%.1Yj?.....|
-00000020  91 d9 ef 76 a1 5f bb 63  ab 2c 6b 20 00 00 00 00  |...v._.c.,k ....|
+00000000  16 03 03 00 7a 02 00 00  76 03 03 6f b6 d3 79 9b  |....z...v..o..y.|
+00000010  00 17 a8 46 3f e4 bc fc  08 1e 56 6c d8 63 86 f3  |...F?.....Vl.c..|
+00000020  83 1b d8 26 6d 86 d6 4c  f3 4f e1 20 00 00 00 00  |...&m..L.O. ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 01 00 00  |................|
-00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 81  |..+.....3.$... .|
-00000060  4c a8 07 aa 6b 4a f9 44  77 78 a9 57 d0 07 55 07  |L...kJ.Dwx.W..U.|
-00000070  9a c2 8e 33 bf c4 09 ee  49 51 5c fe f1 7b 30 14  |...3....IQ\..{0.|
-00000080  03 03 00 01 01 17 03 03  00 17 5a 22 a1 07 01 ea  |..........Z"....|
-00000090  97 bd 5a 59 3a 21 de 9c  45 0c 41 ff 34 45 35 ab  |..ZY:!..E.A.4E5.|
-000000a0  25 17 03 03 01 50 a1 8c  19 e7 0c 69 d3 e0 f6 53  |%....P.....i...S|
-000000b0  95 15 13 4c e3 c3 3f 35  d9 73 c9 fe 24 b0 14 5f  |...L..?5.s..$.._|
-000000c0  b6 9e 94 20 cf 80 f7 88  7c 0f be 4c 70 16 00 2a  |... ....|..Lp..*|
-000000d0  55 02 aa a9 4b 7f a7 a5  b8 46 09 9e 18 78 78 66  |U...K....F...xxf|
-000000e0  22 c2 31 19 12 f7 e4 7e  f3 26 39 7d cd 5e 74 24  |".1....~.&9}.^t$|
-000000f0  fb 75 7d b7 2c b5 fb e0  49 bd da 96 e1 c3 63 8f  |.u}.,...I.....c.|
-00000100  e3 28 43 bb 32 a7 fd 9c  ab 54 ba ce 07 4a 23 35  |.(C.2....T...J#5|
-00000110  a4 3a ff 43 40 19 ef 38  07 02 ba d6 c4 f0 bf 63  |.:.C@..8.......c|
-00000120  aa b3 ea 55 d0 e1 a9 f3  cb 04 6b 1b 8d 35 3a f8  |...U......k..5:.|
-00000130  0b 1c 40 99 fe b0 04 5f  d1 5b 3f 4b be fe b5 96  |..@...._.[?K....|
-00000140  f0 49 3d bf a5 92 f3 bd  a6 4c 47 24 f8 b5 7c 45  |.I=......LG$..|E|
-00000150  47 85 9b 08 a1 da 51 7a  ce 3f 32 66 de 89 c0 c3  |G.....Qz.?2f....|
-00000160  ac da 73 0d 15 14 18 e6  a0 7d 07 26 44 df 55 b7  |..s......}.&D.U.|
-00000170  6e 4e fa c0 f5 5e 42 3a  d9 29 d3 1d e6 cf 3c 8c  |nN...^B:.)....<.|
-00000180  6d c1 d9 f9 04 f0 57 dc  47 4e d1 e2 a1 f1 a1 c9  |m.....W.GN......|
-00000190  2e da 97 4d 65 65 04 54  e7 80 f1 88 b2 34 26 61  |...Mee.T.....4&a|
-000001a0  77 8a 1f bb 82 7f 4b ce  b3 5a 55 60 e1 3a ef 95  |w.....K..ZU`.:..|
-000001b0  bd 34 fc ef 2b 18 4b bb  8a cf ba 3a 69 43 f4 59  |.4..+.K....:iC.Y|
-000001c0  98 a1 95 a3 22 f6 b5 1a  84 83 cf cb 90 eb 28 29  |....".........()|
-000001d0  b3 84 e1 0d 37 9e 98 96  91 73 f1 7f d7 9b 71 38  |....7....s....q8|
-000001e0  6e bc 2e 60 2d 27 0c 18  fd 2a b8 76 01 33 2f 95  |n..`-'...*.v.3/.|
-000001f0  6e 0b bf 2b 26 5e 17 03  03 00 59 ed 43 2f e8 df  |n..+&^....Y.C/..|
-00000200  f3 2f 91 f3 dc 1b aa ff  d3 3b 28 1f 78 21 fb e2  |./.......;(.x!..|
-00000210  7d 6e 03 09 98 c1 23 09  d7 45 da b8 e0 5a e5 27  |}n....#..E...Z.'|
-00000220  38 9a 2f da 9b d3 04 35  f5 b9 31 b0 c0 1f 8a 1e  |8./....5..1.....|
-00000230  d8 8a 19 f1 38 af a6 74  ac e5 b4 0d 45 83 b4 59  |....8..t....E..Y|
-00000240  83 42 97 14 23 55 71 ef  66 8c 35 69 3f 2c 88 63  |.B..#Uq.f.5i?,.c|
-00000250  8d 3b 05 fe 17 03 03 00  35 47 82 ec 22 f4 86 6a  |.;......5G.."..j|
-00000260  b7 c1 d8 64 3b 42 f4 ca  5c 3d ba a3 6a ea 77 6a  |...d;B..\=..j.wj|
-00000270  d6 52 e3 b0 42 fb c2 f1  2c b1 ef 44 ed 11 29 6d  |.R..B...,..D..)m|
-00000280  2b 6f 13 0f 42 48 a0 2e  5b ba a1 93 6b de        |+o..BH..[...k.|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 13 03 00 00  |................|
+00000050  2e 00 2b 00 02 03 04 00  33 00 24 00 1d 00 20 5b  |..+.....3.$... [|
+00000060  8f 4f 5a a9 95 6b 04 07  31 d3 ed 91 8b 25 b4 7b  |.OZ..k..1....%.{|
+00000070  5c a1 0a a6 26 09 92 9b  b0 72 26 f9 0d 09 60 14  |\...&....r&...`.|
+00000080  03 03 00 01 01 17 03 03  00 17 a8 99 d3 76 1f 12  |.............v..|
+00000090  19 18 15 8e 4c 59 43 92  11 4a aa 50 98 7e 4c d9  |....LYC..J.P.~L.|
+000000a0  63 17 03 03 01 50 66 f5  d6 ce 35 0f 10 e5 ab 34  |c....Pf...5....4|
+000000b0  78 17 c6 b6 60 40 eb 53  34 9f ce 02 c4 36 51 18  |x...`@.S4....6Q.|
+000000c0  c2 b3 fb f3 98 92 d0 f2  b7 be 28 f5 c7 2d fa 1f  |..........(..-..|
+000000d0  9b 8b aa e5 45 54 6b 0e  ed 6b 44 cb d4 4d 62 b2  |....ETk..kD..Mb.|
+000000e0  30 c9 df ac cf a3 7e 43  58 1e bf 6e 5b 69 4e 48  |0.....~CX..n[iNH|
+000000f0  1c 39 49 eb 8a 0c 22 f3  70 4a 80 50 39 d6 68 29  |.9I...".pJ.P9.h)|
+00000100  d0 6d 08 20 26 39 6d 37  5a 9f 79 e9 16 e3 7e 94  |.m. &9m7Z.y...~.|
+00000110  8f 5f 9b 97 2d e1 b1 48  e4 a3 36 63 40 5a 80 93  |._..-..H..6c@Z..|
+00000120  06 27 3b 93 d9 ed 2d b1  3e 74 ed bc 38 a1 cb 17  |.';...-.>t..8...|
+00000130  06 4a 9b c1 c1 d7 7a 1c  ca ff 4d ee 91 6d d0 3c  |.J....z...M..m.<|
+00000140  c2 4b cc 33 c6 7c 76 8e  db a2 e0 fe 15 e2 ec db  |.K.3.|v.........|
+00000150  1f 5d 05 c8 5e 0e 7f 2c  7a 95 08 34 68 a2 2c 7c  |.]..^..,z..4h.,||
+00000160  04 16 92 7a c8 ec 52 2d  1a c4 7a ea 12 cd 0f b9  |...z..R-..z.....|
+00000170  7c 00 51 55 02 5b 02 7d  ec 89 af f5 6d 76 89 0e  ||.QU.[.}....mv..|
+00000180  67 42 f0 e4 67 4d 3f 70  ff 2c 64 81 1c 4a 92 1f  |gB..gM?p.,d..J..|
+00000190  26 8b a4 4f 15 18 b5 11  4a 61 df 45 53 74 fd 8d  |&..O....Ja.ESt..|
+000001a0  ff 22 32 91 af c7 7f a4  7b 62 c3 3b 30 51 b6 34  |."2.....{b.;0Q.4|
+000001b0  b6 01 21 f9 86 74 be 62  27 1a 41 1f f0 0d 8b 5c  |..!..t.b'.A....\|
+000001c0  4b 82 ea 76 23 9c 36 af  25 1f f6 2d 5f 9c 28 bd  |K..v#.6.%..-_.(.|
+000001d0  b6 d5 1e 26 8b c1 dc ac  ed 6d 10 ff 13 ed fc 08  |...&.....m......|
+000001e0  08 0a 74 1c b1 5b f8 45  e4 83 44 f2 be ce 8d ac  |..t..[.E..D.....|
+000001f0  ee ae e6 21 da c7 17 03  03 00 59 d9 b3 95 0a f7  |...!......Y.....|
+00000200  1a 1a 54 fa ab 09 38 6d  6d 53 0a ef 11 73 bc a2  |..T...8mmS...s..|
+00000210  20 03 31 48 e2 0a d1 af  56 6c ca dd 88 ba 72 3a  | .1H....Vl....r:|
+00000220  c1 e0 c5 60 44 74 d6 c9  18 23 96 2c e7 88 c8 3e  |...`Dt...#.,...>|
+00000230  02 73 c0 38 d4 bd 85 a4  bb 78 a0 ba d3 fd f1 c4  |.s.8.....x......|
+00000240  27 08 05 fb 2c 26 20 b7  1a 41 87 a6 b7 97 19 26  |'...,& ..A.....&|
+00000250  50 ed 9a e4 17 03 03 00  35 68 36 c7 78 c3 5e ff  |P.......5h6.x.^.|
+00000260  b3 92 a7 25 31 2a a2 fa  24 d9 da 69 16 03 8b db  |...%1*..$..i....|
+00000270  fe b2 3f 63 88 49 f1 14  63 7a 58 a9 6f c5 64 92  |..?c.I..czX.o.d.|
+00000280  21 84 82 d8 49 98 fb f3  f1 fd 52 83 32 97        |!...I.....R.2.|
 >>> Flow 3 (client to server)
-00000000  14 03 03 00 01 01 17 03  03 00 35 11 45 8f b2 e0  |..........5.E...|
-00000010  87 3d 09 94 93 16 19 04  3d 84 6c e5 14 5e c6 8b  |.=......=.l..^..|
-00000020  73 1a 53 4c d0 f4 11 27  0c 0d 05 c7 9d ba d0 04  |s.SL...'........|
-00000030  37 ed 8b 8a 65 34 54 b1  07 36 92 8c 8c a8 30 b7  |7...e4T..6....0.|
-00000040  17 03 03 00 17 ea fc b8  84 8d f0 9d 8e 1c 2c 65  |..............,e|
-00000050  10 a8 69 7f dd 3c a4 80  45 5d c3 38 17 03 03 00  |..i..<..E].8....|
-00000060  13 15 4b b7 23 2f 55 b0  ae d3 3f f6 68 c9 b2 ef  |..K.#/U...?.h...|
-00000070  d7 e2 18 49                                       |...I|
+00000000  14 03 03 00 01 01 17 03  03 00 35 07 7b a2 7a 4f  |..........5.{.zO|
+00000010  40 e9 a2 94 9f b7 2d 91  87 1e 37 b0 ca b7 ea 91  |@.....-...7.....|
+00000020  53 f1 bf 7d 56 6a 0c 6a  9d 07 ac 93 9c db ca ac  |S..}Vj.j........|
+00000030  43 7b eb 56 9d 6c 79 f2  72 f8 0b 8d 15 08 84 d5  |C{.V.ly.r.......|
+00000040  17 03 03 00 17 07 b3 7d  a9 56 c4 76 e5 12 97 29  |.......}.V.v...)|
+00000050  b7 99 e6 3e 08 79 2d fb  1a 5b eb 7a 17 03 03 00  |...>.y-..[.z....|
+00000060  13 66 b7 65 57 0d 54 7b  6a 34 98 a1 4e 29 d5 92  |.f.eW.T{j4..N)..|
+00000070  1e b6 52 bc                                       |..R.|